How does Cloud9 handles isolation using Docker?



Hi guys,

I have read that c9 workspaces are powered using Docker. I would be very interested to know a little more about what are the precautions used / the hardware and software architecture ensuring that nothing from inside the containers impacts the service.

I am currently writing an open-source sandboxing library to run untrusted python code in docker containers, and such information would be very helpful for me. If I get an answer, I’ll gladly add a link to C9 in the credits and mention I’m a convinced user.

You can DM me @christophetd on twitter if needed.

Thank you!